<?php
    include("site/scripts.php");
    include("site/header.php");
    include("site/left.php");
    include("site/right.php");
    include("site/footer.php");
    
    $xtpl_index     = new XTemplate("view/index.htm");
    $title  = "Thế Giới Sữa - Công ty sữa Việt Nam";
    
    $xtpl_show      = new XTemplate("view/product/show.htm");
    
    $heading        = "Thông tin sản phẩm";
	$codecaptcha 	= READ_SESSION('securitycode');
    $id             = $_GET['id'];
    $content        = $_POST['content'];
    $code           = $_POST['code'];
    $code           = strtolower($code);

    $sql    = "SELECT * FROM product WHERE id_p='" . $id . "'";
    $result = mysql_query($sql);
    $row    = mysql_fetch_array($result);
    
    if($row['number']==0){
        $number = "Hết hàng";
    }
    else{
        $number = "Còn hàng";
    }
    
    $xtpl_show      -> assign('heading', $heading);
    $xtpl_show      -> assign('image', $row['image']);
    $xtpl_show      -> assign('provider', $row['provider']);
    $xtpl_show      -> assign('milkname', $row['milkname']);
    $xtpl_show      -> assign('size', $row['size']);
    $xtpl_show      -> assign('weight', $row['weight']);
    $xtpl_show      -> assign('cost', $row['cost']);
    $xtpl_show      -> assign('number', $number);
    $xtpl_show      -> assign('content', $row['content']);
    $xtpl_show      -> assign('id', $row['id_p']);
    
    if($_SESSION['member']){
        $total  = 0;
        $sql    = "SELECT * FROM comment WHERE product_id='" . $row['id_p'] . "' ORDER BY id_cm DESC";
        $result = mysql_query($sql);
        while($row_cm = mysql_fetch_array($result)){
            $sql_user   = "SELECT * FROM member WHERE id_m='" . $row_cm['user_id'] . "'";
            $re_user    = mysql_query($sql_user);
            $row_user   = mysql_fetch_array($re_user);
            $sqldate    = strtotime($row_cm['date']);
            $date_cm    = date('d-m-Y H:i:s', $sqldate);
            $xtpl_show  -> assign('username', $row_user['username']);
            $xtpl_show  -> assign('content_cm', $row_cm['content']);
            $xtpl_show  -> assign('comment_date', $date_cm);
            $xtpl_show  -> insert_loop('SHOW.COMMENT.TABLES', array('SHOW'=>$row));
            $total++;
        }
        $xtpl_show  -> assign('total_comment', $total);
        
        if(isset($_POST['submit'])){
            $countError = 0;
            if($_POST['content'] == NULL){
                $errorCode  = "Bạn chưa nhập nội dung";
                $countError = 1;                
            }
            if($code == NULL){
                $errorCode  = "Bạn chưa điền mã xác nhận";
                $countError = 1;
            }
            else if($code != $codecaptcha){
                $errorCode  = "Mã xác nhận không chính xác";
                $countError = 1;
            }
            
            if($countError == 0){
                $sql_1  = "SELECT * FROM member WHERE username='" . $_SESSION['member'] . "'";
                $re     = mysql_query($sql_1);
                $rows   = mysql_fetch_array($re);
                
                $sql    = "INSERT INTO  comment (user_id, product_id, content, date)
                           VALUES   ('" . $rows['id_m'] . "',
                                     '" . $id . "', 
                                     '" . $content . "',
                                     '" . $fullToday . "')";
                $result = mysql_query($sql);
                if($result){
                    header("location:index.php?page=show&id=" . $id . "");
                }
            }
            else{
                $xtpl_show  -> assign('error', $errorCode);
            }
        }
        
        $xtpl_show  -> parse("SHOW.COMMENT");
    }
    else{
        $xtpl_show  -> parse("SHOW.GUEST");
    }
    
    $xtpl_show      -> parse("SHOW");
    $mid            = $xtpl_show -> text("SHOW");
    
    $xtpl_index -> assign('title', $title);    
    $xtpl_index -> assign('scripts', $scripts);
    $xtpl_index -> assign('header', $header);
    $xtpl_index -> assign('left', $left);
    $xtpl_index -> assign('mid', $mid);
    $xtpl_index -> assign('right', $right);
    $xtpl_index -> assign('footer', $footer);
    $xtpl_index -> parse("INDEX");
    $xtpl_index -> out("INDEX");
?>